18 Mar
2010
18 Mar
'10
1:55 a.m.
Stephan Bosch wrote:
Timo Sirainen wrote:
http://dovecot.org/releases/1.2/dovecot-1.2.11.tar.gz http://dovecot.org/releases/1.2/dovecot-1.2.11.tar.gz.sig
mbox users really should upgrade, because by sending a message with a huge header you could basically cause a DoS (this problem exists only with v1.2.x, not with v1.0 or v1.1).
- mbox: Message header reading was unnecessarily slow. Fetching a huge header could have resulted in Dovecot eating a lot of CPU. Also searching messages was much slower than necessary. - mbox, dbox, cydir: Mail root directory was created with 0770 permissions, instead of 0700. - maildir: Reading uidlist could have ended up in an infinite loop. - IMAP IDLE: v1.2.7+ caused extra load by checking changes every 0.5 seconds after a change had occurred in mailboxI have a paper deadline this Friday, so a new release of Pigeonhole will be delayed until this weekend.
I've refreshed the ManageSieve patch for v1.2:
http://www.rename-it.nl/dovecot/1.2/dovecot-1.2.11-managesieve-0.11.11.diff.... http://www.rename-it.nl/dovecot/1.2/dovecot-1.2.11-managesieve-0.11.11.diff....
Sieve release will take more time.
Regards,
Stephan.